binder: undelivered TRANSACTION_ERROR: 29189 BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor4/10453 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 1 PID: 10453 Comm: syz-executor4 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cfeff6d8 ffffffff81d90889 0000000000000001 ffffffff83c17800 ffffffff83f42ec0 ffff8801c893e000 0000000000000003 ffff8801cfeff718 ffffffff81df7854 ffff8801cfeff730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 10507 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a57c7840 ffffffff81d90889 ffff8801a57c7b20 0000000000000000 ffff8801d1b3f490 ffff8801a57c7a10 ffff8801d1b3f380 ffff8801a57c7a38 ffffffff8165e497 0000000000004c26 ffff8801a5958918 ffff8801a59588a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_fsetxattr fs/xattr.c:504 [inline] [] SyS_fsetxattr+0x130/0x190 fs/xattr.c:493 [] entry_SYSCALL_64_fastpath+0x23/0xc6 nla_parse: 7 callbacks suppressed netlink: 11 bytes leftover after parsing attributes in process `syz-executor1'. FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 10507 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a57c7840 ffffffff81d90889 ffff8801a57c7b20 0000000000000000 ffff8801a60d3910 ffff8801a57c7a10 ffff8801a60d3800 ffff8801a57c7a38 ffffffff8165e497 0000000000004c26 ffff8801a5958918 ffff8801a59588a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_fsetxattr fs/xattr.c:504 [inline] [] SyS_fsetxattr+0x130/0x190 fs/xattr.c:493 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 10497 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d989f5d0 ffffffff81d90889 ffff8801d989f8b0 0000000000000000 ffff8801a60d3910 ffff8801d989f7a0 ffff8801a60d3800 ffff8801d989f7c8 ffffffff8165e497 0000000000003af1 ffff8801d85e88f0 ffff8801d85e88a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679 [] SYSC_ioctl fs/ioctl.c:694 [inline] [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. tc_dump_action: action bad kind netlink: 13 bytes leftover after parsing attributes in process `syz-executor2'. tc_dump_action: action bad kind netlink: 13 bytes leftover after parsing attributes in process `syz-executor2'. device gre0 entered promiscuous mode binder: 10872:10878 got transaction to invalid handle binder: 10872:10878 transaction failed 29201/-22, size 32-40 line 3007 binder: 10872:10891 BC_ACQUIRE_DONE u0000000000000000 no match binder: 10872:10891 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 10872:10891 got reply transaction with no transaction stack binder: 10872:10891 transaction failed 29201/-71, size 48-40 line 2923 binder: 10872:10891 got transaction to invalid handle binder: 10872:10891 transaction failed 29201/-22, size 32-40 line 3007 binder: undelivered TRANSACTION_ERROR: 29201 netlink: 6 bytes leftover after parsing attributes in process `syz-executor4'. device gre0 entered promiscuous mode device gre0 left promiscuous mode device gre0 entered promiscuous mode device gre0 left promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'. Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'. Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable device gre0 entered promiscuous mode binder: 11031:11044 ioctl 2403 ffff returned -22 binder: 11031:11044 ioctl 8004e500 2000effc returned -22 binder: undelivered death notification, 0000000000000000 binder: 11031:11044 ioctl 2403 ffff returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 11031:11063 ioctl 40046207 0 returned -16 binder: 11031:11072 ioctl 8004e500 2000effc returned -22 binder: 11084:11086 got transaction with invalid offset (40, min 0 max 80) or object. binder: 11084:11086 transaction failed 29201/-22, size 80-8 line 3193 binder: BINDER_SET_CONTEXT_MGR already set binder: 11084:11086 ioctl 40046207 0 returned -16 binder: 11084:11086 transaction failed 29201/-28, size 0-4629809268588045068 line 3130 binder: binder_mmap: 11084 204c6000-204c7000 bad vm_flags failed -1 binder_alloc: binder_alloc_mmap_handler: 11084 20000000-20002000 already mapped failed -16 binder_alloc: binder_alloc_mmap_handler: 11084 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 11084:11093 ioctl 40046207 0 returned -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 11084:11093 ioctl 40046207 0 returned -16 binder_alloc: 11084: binder_alloc_buf, no vma binder: 11084:11086 transaction failed 29189/-3, size 0-4629809268588045068 line 3130 binder: binder_mmap: 11084 204c6000-204c7000 bad vm_flags failed -1 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered death notification, 0000000000000000 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 11130 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801ce4778e0 ffffffff81d90889 ffff8801ce477bc0 0000000000000000 ffff8801d1b3fa90 ffff8801ce477ab0 ffff8801d1b3f980 ffff8801ce477ad8 ffffffff8165e497 0000000000003af1 ffff8801c74620f0 ffff8801c74620a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] strndup_user+0x28/0xb0 mm/util.c:160 [] SYSC_request_key security/keys/keyctl.c:186 [inline] [] SyS_request_key+0xd6/0x2d0 security/keys/keyctl.c:158 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 11119 Comm: syz-executor0 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a6d1f940 ffffffff81d90889 ffff8801a6d1fc20 0000000000000000 ffff8801a60d2890 ffff8801a6d1fb10 ffff8801a60d2780 ffff8801a6d1fb38 ffffffff8165e497 0000000000003af1 ffff8801c45f08f0 ffff8801c45f08a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 0 PID: 11126 Comm: syz-executor0 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d12975d0 ffffffff81d90889 ffff8801d12978b0 0000000000000000 ffff8801a60d2890 ffff8801d12977a0 ffff8801a60d2780 ffff8801d12977c8 ffffffff8165e497 0000000000003af1 ffff8801c45f50f0 ffff8801c45f50a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679 [] SYSC_ioctl fs/ioctl.c:694 [inline] [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode binder: 11362:11367 ERROR: BC_REGISTER_LOOPER called without request binder: 11362:11367 ioctl c0306201 20008fd0 returned -11 binder: 11362:11379 BC_DEAD_BINDER_DONE 0000000000000000 not found binder: 11362:11379 got reply transaction with no transaction stack binder: 11362:11379 transaction failed 29201/-71, size 48-16 line 2923 sock: process `syz-executor3' is using obsolete setsockopt SO_BSDCOMPAT binder: BINDER_SET_CONTEXT_MGR already set binder: 11362:11403 ioctl 40046207 0 returned -16 binder: 11362:11379 ERROR: BC_REGISTER_LOOPER called without request binder: 11362:11379 BC_DEAD_BINDER_DONE 0000000000000000 not found binder: 11362:11379 got reply transaction with no transaction stack binder: 11362:11379 transaction failed 29201/-71, size 48-16 line 2923 IPVS: Creating netns size=2536 id=19 : renamed from syz3 binder: 11469:11471 ERROR: BC_REGISTER_LOOPER called without request binder: 11469:11471 ioctl c0306201 20008fd0 returned -11 binder: 11469:11471 transaction failed 29189/-22, size 0-0 line 3007 binder: 11469:11471 BC_ACQUIRE_DONE node 77 has no pending acquire request binder: 11469:11471 got reply transaction with no transaction stack binder: 11469:11471 transaction failed 29201/-71, size 48-40 line 2923 binder: 11469:11493 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 11469: binder_alloc_buf, no vma binder: 11469:11471 transaction failed 29189/-3, size 0-0 line 3130 binder: BINDER_SET_CONTEXT_MGR already set binder: 11469:11509 ioctl 40046207 0 returned -16 binder: 11469:11471 BC_ACQUIRE_DONE u0000000000000000 no match binder: 11469:11471 got reply transaction with no transaction stack binder: 11469:11471 transaction failed 29201/-71, size 48-40 line 2923 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads device lo entered promiscuous mode device lo left promiscuous mode binder: 11577:11578 ioctl c018620b 20009fe8 returned -14 nla_parse: 8 callbacks suppressed netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. device lo left promiscuous mode binder: 11577:11578 ERROR: BC_REGISTER_LOOPER called without request device lo entered promiscuous mode binder: 11577:11578 ERROR: BC_REGISTER_LOOPER called without request binder: 11577:11578 DecRefs 0 refcount change on invalid ref 3 ret -22 binder: 11577:11578 DecRefs 0 refcount change on invalid ref 1 ret -22 binder: 11577:11585 unknown command 0 binder: 11577:11585 ioctl c0306201 20008fd0 returned -22 binder: 11577:11585 got reply transaction with no transaction stack binder: 11577:11585 transaction failed 29201/-71, size 0-0 line 2923 binder: release 11577:11578 transaction 87 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 87, target dead netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'. device gre0 entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'. device gre0 entered promiscuous mode netlink: 17 bytes leftover after parsing attributes in process `syz-executor0'. qtaguid: iface_stat: create6(lo): no inet dev netlink: 17 bytes leftover after parsing attributes in process `syz-executor0'. FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 11937 Comm: syz-executor7 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801ce6f79a0 ffffffff81d90889 ffff8801ce6f7c80 0000000000000000 ffff8801d1b3f010 ffff8801ce6f7b70 ffff8801d1b3ef00 ffff8801ce6f7b98 ffffffff8165e497 0000000000003af1 ffff8801d507d0f0[ 71.265367] program syz-executor2 is using a deprecated SCSI ioctl, please convert it to SG_IO ffff8801d507d0a0Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 program syz-executor2 is using a deprecated SCSI ioctl, please convert it to SG_IO [] SYSC_sigaltstack kernel/signal.c:3170 [inline] [] SyS_sigaltstack+0x6c/0x90 kernel/signal.c:3168 [] entry_SYSCALL_64_fastpath+0x23/0xc6 sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 device eql entered promiscuous mode skbuff: bad partial csum: csum=65534/0 len=32 binder: 12092:12094 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 12092:12094 got transaction to invalid handle binder: 12092:12094 transaction failed 29201/-22, size 24-16 line 3007 binder: 12092:12104 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 12092:12094 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12113 comm=syz-executor7 binder: 12092:12104 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 binder: 12092:12094 unknown command 1986356271 binder: 12092:12094 ioctl c0306201 20003fd0 returned -22 binder: 12092:12121 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 12092:12121 Release 1 refcount change on invalid ref 0 ret -22 binder: 12092:12121 got transaction to invalid handle binder: 12092:12121 transaction failed 29201/-22, size 24-16 line 3007 binder: undelivered death notification, 0000000000000000 binder: 12148:12150 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 12148:12150 BC_FREE_BUFFER u000000002011a000 no match binder: 12148:12150 BC_INCREFS_DONE u000000002011a000 no match binder: 12148:12150 IncRefs 0 refcount change on invalid ref 3 ret -22 binder: 12148:12150 BC_DEAD_BINDER_DONE 0000000000000001 not found binder: 12148:12150 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 binder: 12148:12150 BC_DEAD_BINDER_DONE 0000000000000000 not found binder_alloc: 12148: binder_alloc_buf size 72057594037986512 failed, no address space binder_alloc: allocated: 32 (num: 1 largest: 32), free: 4194272 (num: 1 largest: 4194272) binder: 12148:12150 transaction failed 29201/-28, size 0-40 line 3130 binder: BINDER_SET_CONTEXT_MGR already set binder: 12148:12158 ioctl 40046207 0 returned -16 binder: 12148:12179 BC_DEAD_BINDER_DONE 0000000000000003 not found binder: 12148:12179 unknown command 0 binder: 12148:12179 ioctl c0306201 20004000 returned -22 binder: 12148:12150 IncRefs 0 refcount change on invalid ref 3 ret -22 binder: 12148:12150 BC_DEAD_BINDER_DONE 0000000000000001 not found binder_alloc: 12148: binder_alloc_buf, no vma binder: 12148:12158 transaction failed 29189/-3, size 0-40 line 3130 binder: 12148:12150 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 binder: 12148:12150 unknown command 0 binder: 12192:12195 got reply transaction with no transaction stack binder: 12192:12195 transaction failed 29201/-71, size 112-16 line 2923 binder: 12148:12150 ioctl c0306201 20007000 returned -22 binder: release 12148:12150 transaction 94 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 94, target dead binder: 12192:12205 got reply transaction with no transaction stack binder: 12192:12205 transaction failed 29201/-71, size 112-16 line 2923 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29201 binder: 12238:12240 ioctl 4b6d 0 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 12238:12259 ioctl 40046207 0 returned -16 binder: 12238:12272 ioctl 4b6d 0 returned -22 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=22 sclass=netlink_tcpdiag_socket pig=12303 comm=syz-executor2 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pig=12304 comm=syz-executor1 binder: 12315:12316 IncRefs 0 refcount change on invalid ref 2 ret -22 binder: 12315:12316 Acquire 1 refcount change on invalid ref 4 ret -22 binder: 12315:12316 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 12315:12316 unknown command 0 binder: 12315:12316 ioctl c0306201 20000fd0 returned -22 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pig=12311 comm=syz-executor1 binder: 12315:12319 unknown command 0 binder: 12315:12319 ioctl c0306201 20000fd0 returned -22 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=22 sclass=netlink_tcpdiag_socket pig=12307 comm=syz-executor2 binder: 12374:12376 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 12374: binder_alloc_buf, no vma binder: 12374:12386 transaction failed 29189/-3, size 0-0 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 binder: 12374:12386 ERROR: BC_REGISTER_LOOPER called without request binder_alloc: 12374: binder_alloc_buf, no vma binder: 12374:12376 transaction failed 29189/-3, size 0-0 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 12552 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a5397850 ffffffff81d90889 ffff8801a5397b30 0000000000000000 ffff8801d89e2410 ffff8801a5397a20 ffff8801d89e2300 ffff8801a5397a48 ffffffff8165e497 0000000000003af1 ffff8801ca3e08f0 ffff8801ca3e08a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012